Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Checkpoint - Out of state packet

From: "saudi sans" <saudisans () gmail com>
Date: Tue, 25 Sep 2007 19:51:13 +0530
We are having Nokia Checkpoint in load balancing mode.

In the Checkpoint logs we get DROP packets messages "TCP packet out of
state: First packet isn't SYN;".It looks like out-of-state packets are
getting dropped. I am NOT worried about this.

What is worrying is source IP of the packets is of the Firewall
interface itself. The destination address/port is of the server
protected by the Firewall.

I am trying to investigate how can we get packets with source IP as
Firewall interface.

My doubts:

1. When Checkpoint encounters an out-of-state packet and DROP it, does
it log the message with source-IP as of the Firewall.

2. Assuming the Firewall is configured properly, what   are the other
instances when we get DROP traffic logs with source-address as of the
Firewall interface


Am I totally on the wrong direction in this investigation?
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: